pepelyaevip/vuln-list-alt
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
26379462a9
vuln-list-alt/oval/c9f2/ALT-PU-2016-1230/definitions.json
pepelyaevip 9d72b75f75 ALT Vulnerability
2024-12-12 21:07:30 +00:00

303 lines
14 KiB
JSON
Raw Blame History

{
"Definition": [
{
"ID": "oval:org.altlinux.errata:def:20161230",
"Version": "oval:org.altlinux.errata:def:20161230",
"Class": "patch",
"Metadata": {
"Title": "ALT-PU-2016-1230: package `virtualbox` update to version 5.0.14-alt2",
"AffectedList": [
{
"Family": "unix",
"Platforms": [
"ALT Linux branch c9f2"
],
"Products": [
"ALT SPWorkstation",
"ALT SPServer"
]
}
],
"References": [
{
"RefID": "ALT-PU-2016-1230",
"RefURL": "https://errata.altlinux.org/ALT-PU-2016-1230",
"Source": "ALTPU"
},
{
"RefID": "BDU:2015-11847",
"RefURL": "https://bdu.fstec.ru/vul/2015-11847",
"Source": "BDU"
},
{
"RefID": "BDU:2015-11913",
"RefURL": "https://bdu.fstec.ru/vul/2015-11913",
"Source": "BDU"
},
{
"RefID": "BDU:2015-12123",
"RefURL": "https://bdu.fstec.ru/vul/2015-12123",
"Source": "BDU"
},
{
"RefID": "BDU:2016-01654",
"RefURL": "https://bdu.fstec.ru/vul/2016-01654",
"Source": "BDU"
},
{
"RefID": "BDU:2016-01655",
"RefURL": "https://bdu.fstec.ru/vul/2016-01655",
"Source": "BDU"
},
{
"RefID": "CVE-2015-3195",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2015-3195",
"Source": "CVE"
},
{
"RefID": "CVE-2015-3196",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2015-3196",
"Source": "CVE"
},
{
"RefID": "CVE-2015-4813",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2015-4813",
"Source": "CVE"
},
{
"RefID": "CVE-2015-4896",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2015-4896",
"Source": "CVE"
},
{
"RefID": "CVE-2015-8104",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2015-8104",
"Source": "CVE"
},
{
"RefID": "CVE-2016-0495",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2016-0495",
"Source": "CVE"
},
{
"RefID": "CVE-2016-0592",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2016-0592",
"Source": "CVE"
},
{
"RefID": "CVE-2016-0602",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2016-0602",
"Source": "CVE"
}
],
"Description": "This update upgrades virtualbox to version 5.0.14-alt2. \nSecurity Fix(es):\n\n * BDU:2015-11847: Уязвимость виртуальной машины Oracle VM VirtualBox, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2015-11913: Уязвимость виртуальной машины Oracle VM VirtualBox, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2015-12123: Уязвимость гипервизора Xen, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2016-01654: Уязвимость реализации ASN1_TFLG_COMBINE библиотеки OpenSSL, позволяющая нарушителю получить защищаемую информацию из памяти процесса\n\n * BDU:2016-01655: Уязвимость библиотеки OpenSSL, позволяющая нарушителю вызвать отказ в обслуживании\n\n * CVE-2015-3195: The ASN1_TFLG_COMBINE implementation in crypto/asn1/tasn_dec.c in OpenSSL before 0.9.8zh, 1.0.0 before 1.0.0t, 1.0.1 before 1.0.1q, and 1.0.2 before 1.0.2e mishandles errors caused by malformed X509_ATTRIBUTE data, which allows remote attackers to obtain sensitive information from process memory by triggering a decoding failure in a PKCS#7 or CMS application.\n\n * CVE-2015-3196: ssl/s3_clnt.c in OpenSSL 1.0.0 before 1.0.0t, 1.0.1 before 1.0.1p, and 1.0.2 before 1.0.2d, when used for a multi-threaded client, writes the PSK identity hint to an incorrect data structure, which allows remote servers to cause a denial of service (race condition and double free) via a crafted ServerKeyExchange message.\n\n * CVE-2015-4813: Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox prior to 4.0.34, 4.1.42, 4.2.34, 4.3.32, and 5.0.8, when using a Windows guest, allows local users to affect availability via unknown vectors related to Core.\n\n * CVE-2015-4896: Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox before 4.0.34, 4.1.42, 4.2.34, 4.3.32, and 5.0.8, when a VM has the Remote Display feature (RDP) enabled, allows remote attackers to affect availability via unknown vectors related to Core.\n\n * CVE-2015-8104: The KVM subsystem in the Linux kernel through 4.2.6, and Xen 4.3.x through 4.6.x, allows guest OS users to cause a denial of service (host OS panic or hang) by triggering many #DB (aka Debug) exceptions, related to svm.c.\n\n * CVE-2016-0495: Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox before 4.3.36 and 5.0.14 allows remote attackers to affect availability via unknown vectors related to Core.\n\n * CVE-2016-0592: Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox before 4.3.36 and before 5.0.14 allows local users to affect availability via unknown vectors related to Core.\n\n * CVE-2016-0602: Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox before 5.0.14 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Windows Installer. NOTE: the previous information is from the January 2016 CPU. Oracle has not commented on third-party claims that this is an untrusted search path issue that allows local users to gain privileges via a Trojan horse dll in the \"application directory.\"",
"Advisory": {
"From": "errata.altlinux.org",
"Severity": "Low",
"Rights": "Copyright 2024 BaseALT Ltd.",
"Issued": {
"Date": "2016-03-14"
},
"Updated": {
"Date": "2016-03-14"
},
"BDUs": [
{
"ID": "BDU:2015-11847",
"CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"CWE": "CWE-17",
"Href": "https://bdu.fstec.ru/vul/2015-11847",
"Impact": "Low",
"Public": "20151022"
},
{
"ID": "BDU:2015-11913",
"CVSS": "AV:L/AC:L/Au:N/C:N/I:N/A:P",
"CWE": "CWE-17",
"Href": "https://bdu.fstec.ru/vul/2015-11913",
"Impact": "Low",
"Public": "20151022"
},
{
"ID": "BDU:2015-12123",
"CVSS": "AV:L/AC:M/Au:N/C:N/I:N/A:C",
"CWE": "CWE-399",
"Href": "https://bdu.fstec.ru/vul/2015-12123",
"Impact": "Low",
"Public": "20151116"
},
{
"ID": "BDU:2016-01654",
"CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"CWE": "CWE-200",
"Href": "https://bdu.fstec.ru/vul/2016-01654",
"Impact": "Low",
"Public": "20151206"
},
{
"ID": "BDU:2016-01655",
"CVSS": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"CWE": "CWE-362",
"Href": "https://bdu.fstec.ru/vul/2016-01655",
"Impact": "Low",
"Public": "20151206"
}
],
"CVEs": [
{
"ID": "CVE-2015-3195",
"CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"CWE": "CWE-200",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2015-3195",
"Impact": "Low",
"Public": "20151206"
},
{
"ID": "CVE-2015-3196",
"CVSS": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"CWE": "CWE-362",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2015-3196",
"Impact": "Low",
"Public": "20151206"
},
{
"ID": "CVE-2015-4813",
"CVSS": "AV:L/AC:L/Au:N/C:N/I:N/A:P",
"CWE": "NVD-CWE-noinfo",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2015-4813",
"Impact": "Low",
"Public": "20151021"
},
{
"ID": "CVE-2015-4896",
"CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"CWE": "NVD-CWE-noinfo",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2015-4896",
"Impact": "Low",
"Public": "20151021"
},
{
"ID": "CVE-2015-8104",
"CVSS": "AV:L/AC:M/Au:N/C:N/I:N/A:C",
"CWE": "CWE-399",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2015-8104",
"Impact": "Low",
"Public": "20151116"
},
{
"ID": "CVE-2016-0495",
"CVSS": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"CWE": "NVD-CWE-noinfo",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2016-0495",
"Impact": "Low",
"Public": "20160121"
},
{
"ID": "CVE-2016-0592",
"CVSS": "AV:L/AC:L/Au:N/C:N/I:N/A:P",
"CWE": "NVD-CWE-noinfo",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2016-0592",
"Impact": "Low",
"Public": "20160121"
},
{
"ID": "CVE-2016-0602",
"CVSS": "AV:L/AC:H/Au:N/C:C/I:C/A:C",
"CWE": "NVD-CWE-noinfo",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2016-0602",
"Impact": "Low",
"Public": "20160121"
}
],
"AffectedCPEs": {
"CPEs": [
"cpe:/o:alt:spworkstation:8.4",
"cpe:/o:alt:spserver:8.4"
]
}
}
},
"Criteria": {
"Operator": "AND",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:4001",
"Comment": "ALT Linux must be installed"
}
],
"Criterias": [
{
"Operator": "OR",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:20161230001",
"Comment": "kernel-source-vboxdrv is earlier than 0:5.0.14-alt2"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20161230002",
"Comment": "kernel-source-vboxguest is earlier than 0:5.0.14-alt2"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20161230003",
"Comment": "kernel-source-vboxnetadp is earlier than 0:5.0.14-alt2"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20161230004",
"Comment": "kernel-source-vboxnetflt is earlier than 0:5.0.14-alt2"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20161230005",
"Comment": "kernel-source-vboxpci is earlier than 0:5.0.14-alt2"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20161230006",
"Comment": "kernel-source-vboxsf is earlier than 0:5.0.14-alt2"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20161230007",
"Comment": "kernel-source-vboxvideo is earlier than 0:5.0.14-alt2"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20161230008",
"Comment": "python-module-vboxapi is earlier than 0:5.0.14-alt2"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20161230009",
"Comment": "virtualbox is earlier than 0:5.0.14-alt2"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20161230010",
"Comment": "virtualbox-common is earlier than 0:5.0.14-alt2"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20161230011",
"Comment": "virtualbox-guest-additions is earlier than 0:5.0.14-alt2"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20161230012",
"Comment": "virtualbox-guest-utils is earlier than 0:5.0.14-alt2"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20161230013",
"Comment": "virtualbox-sdk is earlier than 0:5.0.14-alt2"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20161230014",
"Comment": "virtualbox-sdk-xpcom is earlier than 0:5.0.14-alt2"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20161230015",
"Comment": "virtualbox-webservice is earlier than 0:5.0.14-alt2"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20161230016",
"Comment": "xorg-drv-vboxvideo is earlier than 0:5.0.14-alt2"
}
]
}
]
}
}
]
}
Reference in New Issue View Git Blame Copy Permalink